CS Nov-Dec 2022

Computing
Security
Secure systems, secure data, secure people, secure business
UNDER LOCK AND KEY
GDPR breaches are hit
with massive EU fines
NEWS
OPINION
INDUSTRY
COMMENT
CASE STUDIES
PRODUCT REVIEWS
DEEP INSIDE DEEPFAKES
Growing threat
sparks alarm
OH,WHAT A NIGHT!
Computing Security
Awards 2022 celebrate
the best of the best
NO MASKING RANSOMWARE SPIKE
Businesses show ‘shocking’
lack of readiness to defend themselves
as attacks soar
Computing Security November/December 2022

Nobody likes feeling
vulnerable.
It’s the same when it comes
to information security.
That’s why our services have been designed
to provide you with the information security
assurances you, and your clients, require.
Penetration Testing
Red Teaming
Information Security Consultancy
www.pentest.co.uk
contact@pentest.co.uk
0161 233 0100
pentest
INFORMATION SECURITY ASSURANCE

comment
WHY DATA ETHICS MATTER
Data ethics is no longer an academic or niche geek issue, as it has been since the
inception of the internet and the world wide web. It has never been more
urgent.
That is the timely warning from Annie Machon in her newly released book, ‘The
Privacy Mission: Achieving Ethical Data for Our Lives Online’. And Machon should know.
After all, she began her career working as an intelligence officer for MI5, has extensive
experience as an international public speaker, writer, media commentator and political
campaigner, and is now the director of the World Ethical Data Foundation.
As she points out: "Data ethics is an issue that affects all of us now, as
our personal and professional lives increasingly take place online. Who controls access
to the hardware, who runs the software, who can spy on us, hack us, data farm us?
What are the threats that we need to mitigate against democratically, societally and
personally? How can corporations protect us and how can that help their bottom line?"
'The Privacy Mission' aims to answer these questions, and summarise both the
overarching concepts and principles about why data ethics is important. It offers
practical solutions for companies, policy makers and individuals to push back against
known threats and future proof themselves, going forward. This book is not only timely,
though - it's necessary. In an age when data has gone way beyond abundant and data
ethics are constantly being eroded, making sure we protect ourselves, our businesses
and those with whom we interact is something that falls to us all.
See page 15 for an extract from Annie Machon's book.
Brian Wall
Editor
Computing Security
brian.wall@btc.co.uk
EDITOR: Brian Wall
(brian.wall@btc.co.uk)
LAYOUT/DESIGN: Ian Collis
(ian.collis@btc.co.uk)
SALES:
Edward O’Connor
(edward.oconnor@btc.co.uk)
+ 44 (0)1689 616 000
Daniella St Mart
(daniella.stmart@btc.co.uk)
+ 44 (0)1689 616 000
Stuart Leigh
(stuart.leigh@btc.co.uk)
+ 44 (0)1689 616 000
PUBLISHER: John Jageurs
(john.jageurs@btc.co.uk)
Published by Barrow & Thompkins
Connexions Ltd (BTC)
35 Station Square,
Petts Wood, Kent, BR5 1LZ
Tel: +44 (0)1689 616 000
Fax: +44 (0)1689 82 66 22
SUBSCRIPTIONS:
UK: £35/year, £60/two years,
£80/three years;
Europe: £48/year, £85/two years,
£127/three years
R.O.W:£62/year, £115/two years,
£168/three years
Single copies can be bought for
£8.50 (includes postage & packaging).
Published 6 times a year.
© 2022 Barrow & Thompkins
Connexions Ltd. All rights reserved.
No part of the magazine may be
reproduced without prior consent,
in writing, from the publisher.
www.computingsecurity.co.uk Nov/Dec 2022 computing security
@CSMagAndAwards
3

Secure systems, secure data, secure people, secure business
Computing Security November/December 2022
inside this issue
CONTENTS
Computing
Security
UNDER LOCK AND KEY
GDPR breaches are hit
with massive EU fines
OH,WHAT A NIGHT!
NEWS
OPINION
INDUSTRY
COMMENT
CASE STUDIES
PRODUCT REVIEWS
DEEP INSIDE DEEPFAKES
Growing threat
sparks alarm
Computing Security
Awards 2022 celebrate
the best of the best
NO MASKING RANSOMWARE SPIKE
COMMENT 3
Why data ethics matter
Businesses show ‘shocking’
lack of readiness to defend themselves
as attacks soar
NEWS 6 & 8
Bitdefender partners with Ferrari
Ransomware on the rampage
Pulling a FAST one
Data breach cost hits all-time high
Channel 4 steps up safety of data
ARTICLES
THE DATA ETHICS QUEST 15
Annie Machon's book, 'The Privacy
Mission: Achieving Ethical Data for Our
Lives Online', takes readers into a world
where data ethics walks a fragile line
SURVIVING THE SHOCKWAVES 10
To misquote a line from a classic film
and attribute it to the year that’s fast
approaching: 'Fasten your seatbelts, it's
going to be a bumpy 2023!' Computing
Security has been asking those in the know,
for better or worse, what they believe we
might be in store for in those 12 months.
PATH TO SECURITY ASSUREDNESS 18
Paul Harris, managing director at Pentest
AWARDS NIGHT A WIN-WIN-WIN! 16
Limited, shows how confidence can be
What an atmosphere, what an occasion!
your information security secret weapon
The Computing Security Awards 2022,
held at a top London venue, once again
DYSTOPIAN WORLD OF DEEPFAKES 20
showcased the enormous wealth of talent
Matt Lewis, commercial research director
that exists right across our industry. See all
at NCC Group, considers what threats
of the winners in our 2-page coverage.
‘deepfakes’ might pose, in the wake of
BBC series ‘The Captive’
YOU AND YOUR DATA 22
Nick Evans, GeoLang's sales and marketing
manager, reveals why having a solid
data management plan is so important
RANSOMWARE ON THE RAMPAGE 24
With 24% of businesses identified in recent
GETTING THE BALANCE RIGHT 30
research as having been victims subjected
Mike Nelson, VP of IoT Security at
to an attack, the omens for the year
DigiCert, explains what the EU Cyber
ahead look worrying. What are the latest
Resilience Act means, in the first move
strategies and techniques they can turn to
to legislate cybersecurity for the IoT
that will enable them to fight back?
BUILDING A CAPTIVE AUDIENCE 32
Packets provide the ’only truly definitive
evidence of performance and security
issues’ that happen on a network, states
Mark Evans, VP of marketing, Endace,
REGULATORS MEAN BUSINESS! 38
who argues the case for packet capture
The second largest ever fine for a breach
of the General Data Protection Regulation
THE SLIDE TOWARD DATA CARNAGE 34
was slapped on Instagram recently - 405
A new extortion technique could see
million euros. Will this force organisations
threat actors shift their focus towards
to adopt stricter data management and
leveraging Exmatter, in order to destroy
protection measures going forward?
data, rather than encrypt it, warns Cyderes
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk
4

We focus on your
cybersecurity threats,
so you can focus on
your business.
Managed
Services
Identity & Access
Management
Professional
Services

news
Andy Harris,
Osirium.
PULLING A FAST ONE
US business and media publication
Fast Company being hacked - and
then "obscene and racist" notifications
being sent to Apple users - shows how
vulnerable organisations are to such
incidents. "Attackers are increasingly
using weak, stolen, or otherwise
compromised credentials to breach
organisations," warns Andy Harris, CTO,
Osirium. "Although many businesses
have taken steps in implementing
rigorous password policies, SysAdmin
credentials still need protecting from
abuse. Password education is a good
place to start - and not sharing
credentials is critical, as proven in
the Fast Company breach.
"Sharing passwords negates individual
accountability," adds Harris, "something
that Privileged Access Management
[PAM] can preserve in a way that
Password Vaults cannot."
BITDEFENDER PARTNERS WITH FERRARI
Bitdefender has entered into a multi-year partnership
with Ferrari S.p.A. to become cybersecurity global
partner of Scuderia Ferrari, which is competing in the
FIA Formula 1 World Championship.
As a partner, starting at the Formula 1 Singapore Airlines,
Singapore Grand Prix 2022, Bitdefender will display its
company logo on Ferrari drivers' helmets, as well as on
the F1-75 single-seater driven by Charles Leclerc and
Carlos Sainz, and, from 2023, on racing suits and
team uniforms.
Comments Florin Talpes, Bitdefender co-founder and chief
executive officer: "When every second counts, only the
most advanced cars win races on the track, and only the
most advanced technology has the power to effectively
Ferrari driver Carlos Sainz.
prevent, defend and respond to cyberattacks."
RANSOMWARE ON THE RAMPAGE
Nearly a quarter of businesses surveyed have suffered from
a ransomware attack, with a fifth occurring in the past
12 months. That is according to a latest annual report from
cybersecurity specialist Hornetsecurity. The 2022 Ransomware
Report, which polled more than 2,000 IT leaders, discloses
that 24% have been victims of a ransomware attack, with
one in five (20%) attacks happening in the last year.
States Hornetsecurity CEO Daniel Hofmann: "Our survey
shows that many in the IT community have a false sense of
security. As bad actors develop new techniques, companies
like ours have to do what it takes to come out ahead and
protect businesses around the world."
For more data and insights, go to this link:
https://www.hornetsecurity.com/en/knowledgebase/ransomware/ransomware-attacks-survey-2022
PHISHING SCAM TARGETED WETRANSFER
According to Metro, hackers have been actively adopting
a new phishing scam by disguising malware as WeTransfer
links. The scam involves hackers sending a 'Proof of Payment'
document from WeTransfer, but instead sharing a link
containing malware. Cybersecurity researchers from Cofense
found that hackers distributed a malware called Lampion,
using the misleading links
States Jake Moore, global cyber security advisor at ESET:
"People need to verify the source of attachments, irrespective
of the carrier, and, if they are not expecting it, they should
carry out further due diligence. If the attachment received is
a zip file, people need to be extra cautious."
Daniel Hofmann,
Hornetsecurity.
Jake Moore, ESET.
6
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

news
Bogdan
Botezatu,
Bitdefender.
VULNERABILITIES COULD GIVE
ATTACKERS FULL ACCESS TO ASSETS
Bitdefender recently released
vulnerability research on Device42, a
comprehensive data centre and popular
asset management platform that
enables IT administrators to discover,
map and manage hardware, software,
devices and networks on premises and
across cloud environments.
Research reported that attackers who
were exploiting these vulnerabilities
could gain full access to the assets
housed inside the platform through
remote code execution (RCE). Bogdan
Botezatu, director of threat research &
reporting at Bitdefender, comments:
"These vulnerabilities can expose
extremely sensitive information
belonging to organisations and, when
they result in remote code execution,
they can also be used to plant malware
on the company's network. In order to
protect their assets, organisations need
to run periodic security assessments of
third-party applications, identify
vulnerabilities and misconfiguration, and
patch immediately."
DATA BREACH COST HITS ALL-TIME HIGH
The average cost of a data breach rose to an all-time
high of $4.4 million this year, according to IBM Security.
Trevor Dearing, director of critical infrastructure solutions
at Illumio, says many of the highest-cost breaches involved
critical infrastructure, evidence that criminals have realised
they can increase their profitability by disrupting the availability
of services, thereby increasing the likelihood that
their ransomware demands will be met, as organisations
struggle to get life-saving systems back up and running as
fast as possible.
"By taking a Zero Trust approach, segmenting critical assets,"
advises Dearing, "and only allowing known and verified
communication between environments, security teams
can limit the impact of an attack for both the organisation Trevor Dearing, Illumio.
and its customers."
VIPRE SPREADS THE E-LEARNING MESSAGE ACROSS EMEA
VIPRE Security Group is now offering the full library
of its award-winning training content to its partners
and clients across Europe, the Middle East and Africa
(EMEA). Inspired eLearning, part of VIPRE Security
Group, offers "security awareness and compliance
eLearning solutions that drive positive and measurable
changes in organisational culture", says the company,
helping businesses protect themselves against cyberattacks
and regulatory violations.
"With strict regulations in place from GDPR, PCI
[Payment Card Industry Compliance], and businesses
attempting to gain or retain ISO27001 accreditation,
it has never been a better time for businesses to invest
in their cybersecurity strategy," says the company’s
VP EMEA B2B, Robert den Drijver.
CHANNEL 4 STEPS UP SAFETY OF DATA
Robert den Drijver, VIPRE.
As part of protecting the information it collects, in line with regulations such as
the GDPR, Channel 4 needs to secure vast amounts of information, including
the data of 24 million All 4 subscribers, staff details and all of its intellectual
property, and be able to demonstrate that this data is safe and secure.
Previously, the television network would perform a penetration test and, after
getting the results, have to fix the issue and then pay for another penetration test.
"That could be quite a cycle," says Channel 4 CISO Brian Brackenborough,
"depending on how complicated the particular project was." Now Channel 4 is
saving the organisation's security department thousands each year, it is reported,
after partnering with Invicti Security to gain complete visibility into its web assets.
8
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

2023 predictions
SURVIVING THE SHOCKWAVES
TO SLIGHTLY MISQUOTE A PRICELESS LINE FROM A CLASSIC FILM AND ATTRIBUTE IT TO THE YEAR
THAT'S RAPIDLY APPROACHING: 'FASTEN YOUR SEATBELTS, IT'S GOING TO BE A BUMPY RIDE!'
You have only to look at the state of
our economy and the political turmoil
in the UK right now to realise 2023 is
going to be a tough year to get through in
sound health as a business. Never mind
thriving, more a case of surviving.
Meanwhile, as far as computing security
goes, the challenges remain as immense as
ever, if not more so, with the number of
cyber-attacks soaring and the methods of
infiltration growing ever more pervasive and
sophisticated. What can we expect, then, in
the year ahead? Which will prove to be the
'killer' solutions to ward off the attackers?
Will there be new ways to make ourselves
safer -ie, where will the next breakthrough
come from to bolster our resilience and
safeguard the systems on which
organisations depend? Computing Security
has been asking those who spend their
working days fighting against the 'darker
forces'. Here is how they see the world, for
better or worse, in the 12 months ahead.
ANDY SYREWICZE, TECHNICAL
EVANGELIST AT HORNETSECURITY
"The rate of cyber security breaches is
accelerating. There are many reasons for this,
but we can really break it down to a few key
things. First, it's a fact that the increasing
complexity and requirements of IT systems
create more opportunity for breaches. For
example, with hybrid work, workers are
more distributed than ever and IT teams are
struggling to best manage this distributed
workforce. Cloud deployments are becoming
increasingly vast, with many third-party APIs
and interconnected hooks into production
systems. "Every API in use, every 'one-off'
connection, is another avenue for cyber
criminals to exploit in an attempt to
compromise critical business systems. Digital
transformation is accelerating, not slowing
down, so we're expecting this trend to
continue until a critical mass of businesses
realise that there needs to be a balance
between fast digital adoption and sustainable
security across the entire digital estate.
"Secondly, we've seen time and time again
where massive security measures were
sidestepped, simply because an end user
fell prey to social engineering. For example,
the recent Uber breach shows us that
technologies like multi-factor authentication
are still susceptible to social engineering
techniques. In this case, a combination of
MFA Prompt Fatigue and carefully crafted
WhatsApp messages claiming to be from
Uber support were enough to trick an
external contractor into helping the attacker
get past the MFA process. In this case, and
many others like it, proper end-user security
awareness training for all users will go a long
way towards cultivating a sustainable security
culture and help prevent future breaches.
"Finally, one key thing we've seen with Zero-
Day threats throughout the year is the fact
that the amount of time between the
discovery of an exploit and when it begins
seeing use in the wild is shrinking. System
admins are increasingly under pressure to
apply Zero-Day patches in a timely manner,
in order to mitigate these risks. In the coming
year, system admins need to be aware of this
shift, and make sure they stay informed and
up to date on their patching schedules, in
order to reduce vulnerability."
MIKE NELSON, VP OF IOT SECURITY
AT DIGICERT
"Matter will become the household standard
for the smart home. Interoperability is
a problem that plagues home IoT. Many
IoT home devices are proprietarily divided
between vendors. In 2022, Matter - a new
smart home standard - erupted into the
space, with the intention of securing and
enabling communication between devices,
no matter which vendor they come from.
"In 2023, this ground-breaking new
standard will likely be uptaken with
great enthusiasm, as users, vendors and
manufacturers seize hold of its undeniable
benefits. Uptake has already been rapid,
with Google, Amazon, Apple and Samsung
backing it from inception. The latest
Apple iOS 16 is already supporting it and
manufacturers will not be able to resist
adopting it for long."
Code Signing will move to the cloud. "As
Code-Signing becomes an ever-greater asset
to supply chain security, industry regulators
are stepping up. In November 2022, the CA/B
Forum will demand that private keys for OV
Code Signing certificates be stored on devices
that meet a minimum security standard.
In 2023, we predict that users will migrate -
en masse - to cloud signing as a direct
response to this new hardware requirement."
10
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

2023 predictions
Meanwhile, EU Digital Identity will become
a model for global government Identities,
states Stephen Davidson, senior manager in
DigiCert's global Governance, Risk and
Compliance team.
"The EU Digital Identity Wallet is a European
Commission initiative under the eIDAS
Regulation that will create a unified digital
identification system across Europe. The EU
Digital ID Wallet will allow European citizens
to carry eID versions of their official government
ID documents in a secure mobile wallet
application for use in online authentication
and electronic signatures. Also, the wallets
will carry 'electronic attribute attestations' -
supplemental aspects of identity like a
professional qualification - that can be
presented either with the personal identity
or separately." The EU has significant crossborder
projects lined up in financial services,
education and healthcare, he points out.
ASHLEY STEPHENSON, CTO,
CORERO NETWORK SECURITY
"The spiralling series of DDoS records will
continue to be set and broken. In the last few
months, we've seen multiple broken records
for DDoS attack sizes, in terms of packets per
second. In July, a record was set when one
unnamed actor launched an attack of 659.6
million packets-per-second. That record was
broken shortly after in September, when
another attack achieved a new record of
704.8 million packets per second.
"DDoS attacks have classically attempted
to send fewer packets of larger sizes, which
aim at paralysing the internet pipeline by
exceeding available bandwidth. More recent
record-breaking attacks, however, send more
packets of smaller size, which target more
transactional processing to overwhelm
a target. In 2023, we'll see even more
records broken as attackers deploy ever
higher packets-per-second in their attacks."
More breach reports and possible personal
executive blowback. "The last few years have
seen an explosion of data protection
regulation around the world. In 2023, that
will mean we see more breach reports as
more organisations become compelled to
publicly disclose these cyber incidents.
"The legal responsibility for bad corporate
behaviour when dealing with breaches may
also redound to individual executives. Joe
Sullivan, former head of security at Uber,
was recently found guilty of hiding a breach
on the ride-sharing giant in 2016. This
example may set a precedent for other court
cases in 2023 and make data protection
decisions a matter of personal legal
accountability for executives.
"DDoS attackers will continue to outwit
legacy defences," Stephenson further
comments, "and DDoS will still be a weapon
in the Ukraine conflict. "Cyberwarfare has
always been an aspect of the conflict in
Ukraine. DDoS attack numbers exploded
after the Russian invasion in February and
DDoS will continue to be an asymmetric
weapon in the continuing struggle."
CAMILLE CHARAUDEAU, VICE
PRESIDENT, PRODUCT STRATEGY
AT CYBELANGEL
"Gartner named attack surface expansion as
one of the top security threats of 2022 and
we think this is going to continue in 2023.
Most organisations start out by thinking of
their external attack surface in terms of
their known assets. As their security strategy
matured, many progressed to tackling
shadow IT, which are assets and services that
their IT and security teams are unaware of,
but are still owned by the organisation.
"In 2023, enterprises will likely see increased
attacks on their extended attack surfaces,
which include their entire supply chain
ecosystem of suppliers, distributors, partners,
vendors, who in turn bring along their own
supply chain with varying levels of maturity
in security practices. With increased globalisation
and decentralisation of operations,
Mike Nelson, DigiCert: in 2023, users will
migrate, en masse, to cloud signing.
Andy Syrewicze, Hornetsecurity: system
admins are increasingly under pressure to
apply Zero-Day patches in a timely manner.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
11

2023 predictions
Camille Charaudeau, CybelAngel:
enterprises will likely see increased
attacks on extended attack surfaces.
Stephen Cavey, Ground Labs: global
regulators are now putting stronger laws
in place to protect their citizens' data.
an extended attack surface quickly expands
beyond an organisation's own controlled
perimeter and robust security practices.
Simply doing business with companies with
less mature security practices will increase
risks in your own systems and processes.
"Security leaders will need to supercharge
their external attack surface management
(EASM) programs to include digital risk
protection solutions (DRPS), as these
technologies strongly complement each
other, to provide more comprehensive
coverage than either alone. This means
eliminating blind spots and achieving full
visibility with a continuously updated asset
inventory, and having a full suite of tools
to handle business-critical risks, such as
credentials leakage, typo-squatting threats
or intellectual property exposure, to fully
prevent multi-vector cyber-attacks.
"Organisations need to go beyond
perimeter-centric defence and start thinking
like attackers," says Charaudeau. "This means
adopting a proactive posture and taking an
outside-in approach, with vigilant monitoring
of possible exposures in their extended
external attack surface. Doing this will enable
enterprises to fully maximise the value of their
vulnerability management, and endpoint
detection and response programs, and
ensure issues can be remediated expediently
before bad actors can take advantage of
them."
STEPHEN CAVEY, CO-FOUNDER
& CHIEF EVANGELIST, GROUND LABS
"The twin forces of globalisation and the
explosion of connected technology have
made it easy for anyone to do business
anywhere. Now, business owners can
transact with people across the world
from the comfort of their own living rooms.
The ease with which businesses now interact
with customers and partners anywhere in
the world can betray a real concern of being
involved in international business: data
compliance.
"Over the last five years, global regulators
have recognised this reality and are now
putting stronger laws in place to protect their
citizens' data. If you do business in a territory
- however small the revenue or however
quick the transaction - then you may be
subject to their data protection regulations.
In 2023, as international regulations settle
into place, organisations will slowly begin
to understand what they need to comply
with and where they need to comply. Either
they'll make appropriate changes or face the
consequences from any number of regulatory
regimes around the world.
"As cyber-attacks continue and cybercriminals
become ever more creative, cyberinsurance
will become harder to attain in
2023. Premiums will increase, requirements
will get tougher and more businesses will
see rejections for cyber insurance coverage.
Companies will begin to understand that
they must invest in protecting and managing
the data from the ground up and not merely
buy a cyber-insurance policy to protect
against potential losses.
"As international regulation ramps up
around the world, organisations will be
forced to question how much data they need
to collect about individuals, in order to deliver
their product of service. Previous years have
been characterised by a hungry accumulation
of data, with the hopes that it could be
monetised or used to improve services later
down the line. However, as international
regulation locks into place around the world,
organisations will be made to account for
the individual types of data they collect and
justify this on an ongoing basis."
DAN MURPHY, DISTINGUISHED
ARCHITECT, INVICTI SECURITY
From a major ride-sharing company to a
well-known entertainment giant, breaches
that expose sensitive data are becoming
commonplace, points out Invicti Security’s
distinguished architect Dan Murphy.
"Neither of these attacks was a complex
12
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

2023 predictions
zero-day exploit. They both relied on the
weakest links of any software process:
people.
"Unfortunately, user error will dominate
the next year of cybersecurity pitfalls.
Because software is now an unknowable
complexity where nobody understands
every single line of code, it's difficult to
predict what may happen in the event of
a malicious hacker setting their sights on
your organisation. For similar reasons, we'll
continue seeing exploits of Log4Shell. While
organisations aware of Log4Shell instances
can remediate them relatively efficiently, the
current concern is in those older, dustier
systems without clear-cut owners.
"If there's confusion around how a system
works and no robust DevSecOps team, it's
easy for malicious hackers to slip under the
radar and cause chaos. Persistent threat
actors are exploiting this vulnerability, using
it as one of the many lockpicks they reach
for when trying to discover if a website is
compromisable. That said, things have
gotten incrementally better. Large-scale
breaches and vulnerabilities serve as a
wake-up call for the InfoSec community,
even prompting government guidance on
what organisations should do to protect
themselves from bad actors.
"Communication at this level shows
decision-makers that cybersecurity is worth
prioritising. Organisations attempting to
right the ship should look at the tactics of
malicious hackers and use them for good.
An example of this is DAST. DAST scanning
uses those same techniques to deliver
DevSecOps professionals an end-to-end
view of security debt and direct-action
items to best secure their web apps and
prevent vulnerabilities from slipping
through the cracks."
JACQUES FOURIE, DIRECTOR OF
INFORMATION SECURITY, KOCHO
Following the rise of high-profile cyberattacks
this past year, we should expect to
see the following three trends in 2023,
Fourie predicts:
Enhanced disaster recovery. "The capacity
to recover from attacks is often overlooked
in favour of outright prevention, yet it is the
businesses that adopt a 'when, not if' mindset
that will escape the worst results of a cyberattack.
Therefore, the ability to successfully
reduce the impact radii of threats is key to
successfully rebuilding after an attack. Thus,
businesses that understand the need to
bolster cyber security will begin by moving
to more resilient architectures to be secure by
design, rather than rely on disaster recovery
sites where live replication of threats and
backing up the compromised data because
the backup platform is not security
conscious."
Deepened vendor scrutiny and
consolidation. "Supply chain risk is impacting
every industry. Uncertainty has businesses
reflecting on what systems are already in
place and whether they still meet demands.
The drive for consolidation is being
accelerated by maturing digital regulations,
which places pressure on suppliers to prove
they are compliant to remain competitive.
Additionally, initiatives like Cyber Essentials -
a government accreditation scheme for cyber
security - are proving challenging for larger
organisations to adhere to, despite being
increasingly seen as fundamental to proving
a basic secure strategy."
Securing modern digital assets. "Many
organisations are opting for serverless
architectures, like Platform as a Service
(PaaS), to ease the overhead of cloud system
management. Yet traditional security
monitoring struggling to keep up, and the
risk of limited coverage and failure to spot
attacks is leading more organisations to
consider re-platforming their security
monitoring services. To aid visibility for the
SOC post cloud migration, we are seeing
more advanced XDR tooling that supports
Dan Murphy, Invicti Security: user error
will dominate the next year of cybersecurity
pitfalls.
Jacques Fourie, Kocho: it is the businesses
that adopt a 'when, not if' mindset that will
escape the worst results of a cyber-attack.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
13

2023 predictions
PaaS, such as containers. Next generation
XDR can take telemetry from assets like
containers into a more modern Security
Orchestration, Automation and Response
(SOAR) platform. Tools such as these are
becoming an increasingly critical function
to support, secure and ultimately keep up
with digital transformation."
STEPHANIE BEST, DIRECTOR OF
PRODUCT MARKETING, SALT SECURITY
"2023 will be the year of API security. API
traffic has increased 168% over the past year,
with malicious traffic growing 117% in
the same period. As business infrastructure
increasingly moves towards digitalisation,
API traffic, malicious and otherwise, will
only continue to increase through 2023. If
businesses are to protect themselves from
the torrent of attacks coming their way,
they must recognise the uniqueness of API
security. Traditional security solutions, such
as WAFs, API gateways and bot mitigation,
simply aren't effective at protecting from
most attacks aimed at APIs.
"Attacks on APIs are typically 'low and slow',
with attackers searching for unique business
logic flaws for weeks or even months before
they succeed. As these attacks aren't as overt
as more traditional methods, they cannot be
detected by security tools that are not APIspecific.
What's more, basic security tools
such as authentication, authorisation and
encryption fail to meet the challenge of
contemporary API security.
"Businesses require deep, detailed context to
understand and protect their API ecosystems
- that means being able to distinguish
normal API activity from anomalies amidst
millions of API calls. Basic security tools just
don't provide that context, leaving businesses
at risk.
"While it's not certain that businesses will
wise up to the importance of API security,
attacks on APIs will certainly increase.
Just this year, Australian telco giant Optus
suffered an API security incident with
catastrophic results. The breach resulted
directly from broken user authentication, the
second biggest API vulnerability, according to
the OWASP API Security Top 10.
"Attackers know that they can easily exfiltrate
data from unauthenticated APIs. With an API
security platform able to provide continuous
visibility in runtime and show the normal
behaviours of APIs versus anomalies, this
threat could have been identified before
the attacker accessed the user data. If
organisations don't learn from Optus's
mistakes, 2023 will be riddled with major
API security failures. In short, 2023 is either
going to be the year of API security or API
security incidents. The end result will be
determined by whether businesses wise up
to the need for API-specific security or
continue to rely on old security solutions for
a very modern problem.
JOHN GOODACRE, DIRECTOR OF THE
UKRI'S DIGITAL SECURITY BY DESIGN
CHALLENGE AND PROFESSOR OF
COMPUTER ARCHITECTURES AT
MANCHESTER UNIVERSITY
"As we head into 2023, the financial impact
of cybercrime is heading towards the $10
trillion mark, with no signs of slowing. As
our world becomes ever more connected
and dependent on technology, the
traditional approach to cyber security
of cleanliness and the rush to patch will
continue to struggle to keep up. The
doom-and-gloom headlines will continue
to be written about data loss and a lack of
resilience or trust from an ever-increasing
breadth of cyber-attack across the digital
world.
"IT teams and users alike are already
stretched to the limit, many acknowledging
that they do not have the skills or time to
keep up with the almost weekly attempted
attacks and zero-day patches. Simply
monitoring for and patching vulnerabilities
that are discovered at the user level is not
a battle that can be won by the defenders,
especially when attackers only need to be
right once to exploit a vulnerability.
"The UK is seeking to do something about
this to balance responsibility across the
supply chain. Already in 2022, we have seen
the Government's PSTI Bill looking to ensure
that consumer products are shipped more
securely by default, placing more
responsibility on the product manufacturer.
"The UK Government is not stopping here,
though. As part of the UK's National Cyber
Strategy, there is now a focus on the underlying
technology that our digital world is
built upon, ensuring products are not only
secured by default to help reduce the
number of vulnerabilities, but also secured
by design of the components and enabling
technologies to help protect against the
inevitable remaining vulnerabilities.
"UK Research and Innovation's Digital
Security by Design Programme, part of
the National Cyber Strategy, has been
redesigning from the ground up the way
software interacts with hardware, so it can
block the exploitation of around 70% of
the ongoing discovered vulnerabilities
by design, while also enabling software
development new ways to maintain
resilience and integrity. Working across
government, industry and academia, the
£300m programme has been distributing a
prototype, with developers and researchers
finding more ways to protect everything
digital from cyber and operational incidents.
"As we move into 2023, we will really start
to see early examples for sectors where this
innovative technology can reduce threats
and block exploitation of vulnerabilities.
Developers and IT teams will become more
vocal, pressing for the day they can benefit
from new hardware that can actively block
exploitation of vulnerabilities and their need
to chase the ever-increasing number
of patches."
14
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

ook review
YOU AND YOUR DATA ARE THE PRODUCT
THIS ARTICLE IS AN EDITED EXTRACT FROM THE PRIVACY MISSION: ACHIEVING ETHICAL DATA FOR OUR
LIVES ONLINE, BY ANNIE MACHON (PUBLISHED BY WILEY, 2022)
Making money from
selling people's data is now a wellknown
business model, whether
that data is contact information or browsing
history. How do you think Facebook grew so
exponentially and became so rich? By selling
our data to ad companies. Any free service
available online will probably be using our
data as their product by selling it to thirdparty
organisations. This means that each one
of us who uses this technology has become
the product and we are being data farmed.
What I would like you to understand is that
the big corporations treat us like battery hens.
All the data we churn out is being used
to generate profit for other people; as
individuals, we do not see a penny of it.
The General Data Protection Regulation
(GDPR) legislation introduced in the EU in
2016 was put in place in an attempt to rein
in some of the most aggressive data-farming
practices. While it is good in theory, it does
not seem to be that effective in practice. As
the United States has not followed suit, there
is little to deter big American corporations
from continuing how they always have when
it comes to their data collection, storage and
sharing methods.
If you look at a list of the world's biggest
companies in 2022, you will see that it is
dominated by tech firms. Apple, Microsoft,
Alphabet (Google), Amazon, Tesla, Meta and
Tencent are all featured at the time of this
writing.1 How do you think many of those
companies made their money? Using data -
our data. Data is the new oil.
The drive to commoditise our data has often
been likened to the oil rush at the end of the
nineteenth and beginning of the twentieth
centuries, when many huge American
corporate fortunes and monopolies were
established. The tech giants are merely
continuing this trend of using data to build
their wealth and, thanks to their huge wealth
advantage, they are able to manipulate the
sector to ensure their continued dominance.
As soon as a rival technology appears that
could threaten their business model, they buy
the firm out.
Although it is referred to as our data, I want
you to realise that it is much more than data.
This is your life. We live so much of our lives
online that your 'data' covers every aspect of
you, from your thoughts, relationships,
political beliefs or activism to your financial
and health records. All of this information is
online and it is all accessible. There is a huge
blurring of lines between our physical lives
and online lives, which is what makes us so
vulnerable.
Those of us who grew up in a world without
the internet, and who very clearly remember
that time, may have a greater awareness of
some of these issues. But if you are part of
the generation termed digital natives (broadly,
anyone born from the 1990s onward), this
has always been your reality and you may
never have considered the underlying
concepts surrounding your privacy and
human rights. In fact, these days I would
argue that the only privacy we have as
individuals is what goes on inside our heads.
1. 'Biggest companies in the world 2022',
FinanceCharts.com, accessed 4 May 2022, available at:
https://www.financecharts.com/screener/biggest.
Annie Machon is an international public speaker, writer,
media commentator and political campaigner. She has also
appeared in award-winning films and TV documentaries.
She is currently a Director of the World Ethical Data
Foundation. Machon is a former MI5 intelligence officer, a
European board member of the drug reform organisation,
Law Enforcement Action Partnership and a member of the
Organising Committee of the Sam Adams Associates for
Integrity in Intelligence.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
15

2022 CS Awards
English National Opera singers Alexander
Wall (right) and Damien Carter in full flow.
Will we, won't we? Guests wait to hear if they
have claimed one of this year's coveted awards.
https://flic.kr/s/aHBqjAaQnn
Computing Security Awards:
winners all the way!
IT WAS ANOTHER MOMENTOUS NIGHT AT THE COMPUTING SECURITY AWARDS, WHERE THE 2022 FINALISTS
GATHERED TO CELEBRATE THIS PRESTIGIOUS EVENT - WHILE HOPING TO CLAIM ONE OF THE TITLES
What an atmosphere, what an
occasion! The Computing Security
Awards 2022 once again proved
overwhelmingly what an enormous wealth of
talent exits right across our industry. The
winners were duly applauded by those who
attended, but it was just as much about
celebrating all those who made it to the final
in the various categories, which were hotly
contested. If the mood was already uplifting
at this gala event, it was made even more
so by the uplifting voices and presence of
English National Opera singers Alexander
Wall and Damien Carter. They enjoyed a well
deserved ovation and chorus of ‘encores’ at
the end of their session. It only remains for
Computing Security magazine to offer its
warmest congratulations to each and every
one of the companies and individuals who
made it to the 2022 finals. And, of course,
we look forward to seeing you all again for
our next awards in 2023!
You can see all of the 2022 winners here.
https://computingsecurityawards.co.uk
And here’s a taster of the event itself.
https://youtu.be/-QGD7r5cpv0
16
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

2022 CS Awards
THE 2022 WINNERS:
Email Security Solution of the Year:
Libraesva
Anti Malware Solution of the Year:
WatchGuard
Incident Response & Investigation Security Service
Provider of the Year:
BlueVoyant
Network Security Solution of the Year:
Rohde & Schwarz Cybersecurity
Encryption Solution of the Year:
VIPRE Security
Advanced Persistent Threat (APT) Solution of the Year:
Gatewatcher
Data Loss Prevention Solution of the Year:
CoSoSys
Cyber Security Compliance Award:
Xcina Consulting
AI and Machine Learning Based Security Solution of the
Year:
Fortinet
Identity and Access Management Solution of the Year:
SecurEnvoy
Anti Phishing Solution of the Year:
Metacompliance
Secure Data & Asset Disposal Company of the Year:
Gigacycle
Cloud-delivered Security Solution of Year:
Cyderes
New Cloud-delivered Security Solution of the Year:
Hornetsecurity
Mobile Security Solution of the Year:
Jamf
Penetration Testing Solution of the Year:
Kroll
Breach and Attack Simulation Solution of the Year:
SimSpace
Data Protection as a Service Provider of the Year
Veritas
Remote Monitoring Security Solution of the Year:
Zyxel
Security Software Solution of the Year:
Jamf
Security Hardware Solution of the Year
Arcserve
New Security Hardware Solution of the Year
Rohde & Schwarz Cybersecurity
Security Education and Training Provider of the Year:
Metacompliance
Web Application Firewall of the Year:
Rohde & Schwarz Cybersecurity
Threat Intelligence Award:
AT&T Cybersecurity
Software as a Service (SaaS) Backup and Recovery
Provider of the Year:
Veritas
Security Reseller of the Year:
Cyderes
Security Distributor of the Year:
Brigantia
Enterprise Security Solution of the Year:
BlueVoyant
SME Security Solution of the Year:
VIPRE Security
Individual Contribution to CyberSecurity Award:
Robert O'Brien, Metacompliance
Cyber Security Customer Service Award:
Metacompliance
Security Service Provider of the Year:
Brookcourt Solutions
Security Project of the Year - Public Sector:
Swivel Secure & Durham County Council
Security Project of the Year - Private Sector:
VIPRE Security & Lodders
Security Innovation Award
BIO-key
Editor's Choice:
Veritas
One to Watch Security - Product:
Gatewatcher - AionIQ
One to Watch Security - Company:
BlueVoyant
Security Company of the Year:
Shearwater Group
New Security Software Solution of the Year:
GeoLang
www.computingsecurity.co.uk Nov/Dec 2022 computing security
@CSMagAndAwards
17

security insights
WHERE DOES YOUR SECURITY CONFIDENCE
COME FROM? AND IS IT REALLY ENOUGH?
PAUL HARRIS, MANAGING DIRECTOR AT PENTEST LIMITED, SHOWS HOW CONFIDENCE CAN
BE YOUR INFORMATION SECURITY SECRET WEAPON. IT JUST HAS TO BE THE RIGHT TYPE
In a world where nothing is 100% secure
and malicious threats have the advantage in
terms of time, no constraints on resources
and no ethical barriers, we need to accept
that 'perfect' security isn't realistic. Instead,
organisations need to strive to achieve a high
level of confidence in their security efforts,
within the resource and budget limitations
they have. By doing so, they help keep
themselves protected against most of the
threats they face.
Having confidence in your information
security is a goal every organisation should aim
towards. However, it's important to recognise
that not all confidence is created equal.
Confidence and competence aren't always
aligned; confidence certainly needs to be more
than a feeling and misplaced confidence can
be dangerous. So, how do you achieve (the
right kind of) confidence in your information
security?
ADOPT A ZERO-TRUST APPROACH
Zero-trust seems to be the buzzword of the
day when it comes to information security.
The idea being that every user needs to be
authenticated, authorised and validated before
being granted access. Basically, are we sure
the user is who they say they are?
This same approach, questioning
everything and gaining proof,
can be applied to all other areas
concerning your security. Take,
for example, external software
providers. Many suppliers like to
shout about the security benefits of
their products, with terms like 'realtime
A.I detection' or 'military grade
security' used to instil a feeling of
confidence in the customer's mind.
But what do the claims really mean?
Can they be backed up? What risks
do you introduce in adopting this
software? These are questions that
organisations need to be asking
themselves and their suppliers, helping
build security confidence around these areas.
The same approach can be used internally.
For example, companies may have an internal
software development team, and, in many
cases, security checks will fall under their
remit. But do developers have the right skillset
to test security in a robust manner, and could
there be a danger of 'marking their own
homework'?
By asking questions, challenging claims, and
seeking proof, you start to build confidence
that your defences are as strong as they can
be, across all areas of your business.
PUT YOUR CONFIDENCE TO THE TEST
So, you've asked questions, challenged the
claims and sought the proof you need. You're
now confident that your security is robust
enough to keep you secure against most
threats. But how do you know your efforts
have been truly effective? You need to put
this confidence to the test.
Having an independent expert, such as a
penetration tester, compliance auditor or risk
management consultant, assess your work is
always a daunting prospect; it's completely
understandable, but those with confidence
should relish the opportunity. When you have
this mindset, independent testing is a win-win
situation. Think about it - either the test comes
back with little to report, validating your
efforts, or it highlights issues - issues that
you can then use to improve upon.
It's this mindset that sets apart the security
great from the security good. They don't see
testing as a criticism of their work, rather
a benchmark for their efforts, a chance to
improve and an opportunity to strengthen
their security confidence further.
So, the question you need to ask yourself is:
how confident are you in your information
security confidence?
18
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

deepfakes
THE DYSTOPIAN WORLD OF DEEPFAKES
BBC'S RECENT DRAMA, 'THE CAPTURE', WAS AN ALARMING TAKE ON THE GROWING THREAT
OF DEEP FAKES. WE ASK MATT LEWIS, COMMERCIAL RESEARCH DIRECTOR AT NCC GROUP,
TO CONSIDER WHAT THREATS THESE MIGHT POSE IN THE 'REAL WORLD'
Recently, we have seen how deepfake
technology has become more
sophisticated and readily available.
The BBC recently released a second series of
UK TV series 'The Capture', a thriller exploring
the use of deepfakes for political deception
and criminal framing, demonstrating the
impact deepfakes are capable of making
in day-to-day life.
Within the series, deepfake technology is
used to fabricate a statement from a British
politician whereby they announce a major
policy change regarding Chinese artificial
intelligence technology. This mirrors
something that's already happened in
real life with Ukrainian President Volodymyr
Zelensky, where he was portrayed to be
surrendering in the country's conflict with
Russia.
Another sinister and sadly fatal case relating
to deepfakes came earlier this year, with a
young Egyptian girl taking her own life after
she was allegedly blackmailed with deepfake
pornography, created using her imagery.
In early 2020, NCC Group partnered with
University College London (UCL) on a
research project investigating the capabilities
of various free and open-source deepfake
toolkits. It has now been over two years
since this research and, since then, deepfake
technology has become more sophisticated
and is used more readily. So, let's revisit
today's deepfake landscape, looking at
technological developments and societal
implications.
HOW CAN DEEPFAKE TECHNOLOGY
BE USED IN THE REAL WORLD?
The technology of deepfakes has advanced
and there are now many online apps
available for users to create and play around
with it. Improvements to leading opensource
deepfake toolkits, such as DeepFaceLab, have
also continued, rendering the technology
more performant and realistic.
As well as the technology being more
readily available, we are also seeing more
real-time generation of deepfakes. This
includes hooking up to a computer's
webcam to allow impersonation as other
people in real time - for example, on video
conferencing calls. 'The Capture' also does a
good job of demonstrating this, as in series
two a British politician's likeness is digitally
recreated using deepfake technology, whilst
he is supposedly live on TV, making it look
and sound like he's said something else.
HOW CAN WE PREPARE THE WORLD
AGAINST DEEPFAKES?
There is an urgent need for deepfake
detection and blocking. More deepfakes are
20
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

deepfakes
being used in harmful or offensive contexts
by all level of threat actor, from disgruntled
lover seeking revenge, all the way up to
organised crime groups and hostile national
states.
In 2021, the European Parliamentary
Research Service (EPRS) released a study on
tackling deepfakes in European policy. The
study summarised a range of categories of
risks associated with the technology, ranging
from psychological, financial and societal
harm. It includes risks from extortion,
bullying and defamation, to stock-price
manipulation, election interference and
damage to national security.
Various approaches are emerging from
academia on deepfake detection and
blocking, such as active illumination of a
person's face during a video call and selfblended
images. However, it can take time
for new research to find its way into
commercial and mainstream use; in the
meantime, deepfake technology might find
a way to bypass detection mechanisms.
Propagation of deepfakes heavily relies on
social media sharing. With this in mind,
social media platforms ought to provide
a level of deepfake detection and blocking.
Facebook (Meta AI) has been researching
methods to detect deepfakes and identify
where they originate.
When it comes to Business Identity
Compromise (BIC), in addition to detection,
businesses may also need to consider
changes to current approval and workflow
process. For example, where a process may
allow for execution of a crucial operation
or high-end financial transaction, requiring
a two-person rule (if performing over video
conferencing) might make it that much
harder for a successful deepfake attack.
Similarly, requiring an in-person physical
presence, particularly now that most global
pandemic restrictions are lifted, may be a
necessity to mitigate the risks in this domain.
In terms of advice on how to combat
deepfakes, using state-of-the-art anti-fake
technology, good security procedures and
watermarking genuine videos should always
be top of the list when looking at identifying
and blocking deepfakes. Other, more soft,
measures are to ensure employees and family
are familiar with deepfakes, update and use
different/strong passwords, perform regular
backups and updates of data; also, using
a good security package can always provide
a barrier against deepfakes.
DEEPFAKE LEGISLATION AND
REGULATION
Deepfakes pose many potential risks, such as
manipulation of civil discourse, interference
with elections and national security, alongside
the erosion of trust in journalism and public
institutions. It is therefore essential that
legislation surrounding deepfakes is reviewed
constantly, as this technology grows ever
more popular.
The UK law currently does not have a
specific set of legislation for the use of
deepfakes. However, there are established
laws that may be more applicable when
attempting to look at preventing deepfakes
being used in an unwanted or manipulative
way.
It is also worth noting that, whilst specific
legislation and regulation around deepfake
abuse won't stop motivated attackers, it is still
necessary to ensure that people abusing the
technology can and will be identified and
prosecuted for doing so.
Despite the demand for legislation in this
domain, concerns exist on a lack of progress
across the EU and UK. The National Law
Review writes: "In the UK, the answer is that
English law is wholly inadequate at present
to deal with deepfakes. The UK currently has
no laws specifically targeting deepfakes and
there is no 'deepfake intellectual property
right' that could be invoked in a dispute.
Similarly, the UK does not have a specific law
protecting a person's 'image' or 'personality.
It's created circumstances where people living
in the UK will need to rely on a combination
of different rights and laws, in order to try
and protect themselves against deepfakes.
However, these laws may currently not go far
enough to protect those dealing with the
malicious use of their image through
deepfakes; as ever with rapidly advancing
technology, we must ensure these advances
do not outpace legislative and regulatory
frameworks protections.
Now we know deepfakes are here for good,
how do we ensure they are safe to use?
It's clear deepfakes are no longer confined
to shows like the BBC's 'The Capture'. The
technology is here to stay and it being used
in the real world, continuing to advance in
its ease of use, accessibility and realism.
We therefore need urgent and continued
research on deepfake detection and blocking
mechanisms, whilst legislation and regulation
need to catch up, in order to prevent and
prosecute individuals abusing the technology.
Matt Lewis,
NCC Group.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
21

data management
YOU AND YOUR DATA ARE THE PRODUCT
WHY IS IT SO IMPORTANT FOR BUSINESSES TO UNDERSTAND THE
SENSITIVE DATA THEY ARE WORKING WITH? NICK EVANS, GEOLANG'S
SALES AND MARKETING MANAGER, REVEALS WHAT COULD HAPPEN
BY NOT HAVING A SOLID PLAN
The amount of sensitive data your
business stores is only increasing
in size - and one of your major
responsibilities is managing it. As more
tools are used to manage everyday
business, both on-prem and cloud,
the amount of data being stored is just
getting bigger! While lots of the data
you collect may be completely harmless,
critical, and sensitive information hides
among it, often in plain sight.
Anywhere you have data, you certainly
also have sensitive data. To manage your
sensitive data, you first must discover it.
Solutions like GeoLang's Data Discovery
tool help you to take the first step in
maintaining your increasing amounts of
sensitive data. But why is sensitive data
protection more important than ever?
What are some places your sensitive
data could be hiding?
WHY SHOULD WE PROTECT
OUR SENSITIVE DATA?
There are heavy fines issued in relation
to Sensitive data being leaked through
breaches and it's now vitally important to
protect against any unauthorised access.
With a heightened focus now on data
compliance regulations and the potential
massive damage to your reputation,
intellectual property, efficiency, and
bottom line - if you're not locating and
classifying your data, your organisation
is at risk.
RISE IN PRIVACY REGULATIONS
It is not just the public that cares how
their details and information are being
captured and used by businesses, but a
massive focus from legislators worldwide.
Since 2018 and the creation of Europe's
General Data Protection Regulation (GDPR)
and the California Consumer Privacy Act
(CCPA) in 2020, many businesses have
woken up to the need to manage their
sensitive data better. With more than
100 countries now having their own data
privacy laws, it's a fact that regulations,
like your sensitive data, are increasing all
the time.
The EU GDPR sets a maximum fine of
€20 million (about £18 million) or 4%
of annual global turnover - whichever is
the greater - for businesses that do not
comply with GDPR rules and fines for
violating the CCPA can reach $7,500. With
the evolution and addition of new privacy
laws and regulations, remaining compliant
is a constant challenge.
Sensitive data protection allows you to
sort out the confusion behind data privacy
regulations and effectively deploy your
limited resources so you can focus on
other critical business needs.
YOUR BRAND REPUTATION -
IT'S ALL YOU HAVE GOT!
Your systems, or 'Data Silos', hold extensive
data about your employees, customers,
and others with whom you do business -
in essence, any data that relates to a
person (e.g. Names, home addresses,
payment card information, driving licence
numbers, email addresses and other
personal information).
When collecting information from
people, you accept the responsibility for
protecting their information. Failing to do
so results in severe reputation damage,
but also a potential loss of business. There
are many cases where a business that has
suffered a public data leak has then gone
on to see a decline in sales figures.
BLOW TO CONFIDENCE
This is due to the trust your customers had
in your brand being damaged. The blow
to consumer confidence can affect stock
prices for months or years.
22
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

data management
TIME AND COST TO RECOVER
FROM A DATA BREACH
Data and privacy breaches continue to
grow with more than 33 billion records
projected to be stolen in 2023 - a 175%
increase over 2018. According to IBMs
latest 'Cost of a Data Breach Report', the
global average cost of a cybersecurity
breach is £3.41 million and rising. In the
US, the average is much higher, $8.19
million. The same report states that the
average time a company takes to identify,
contain, and recover from a breach is 280
days. Implementing a data protection plan
before a data incident (or breach) takes
place is vital to a business's ability to
survive and thrive. Without a solid data
protection plan, you are driving around
uninsured, with bald tyres. With no
headlights. In the dark. Into oncoming
traffic.
LOCATING SENSITIVE DATA -
THE RESOURCING CHALLENGE
While businesses understand the need
to control, manage, and reduce their
sensitive data footprints, many struggle to
keep up. The sheer amount of data, along
with its huge ranges of locations - some
you may not even know about - can seem
like an impossible challenge, especially
when a business's resources are already
thinly spread. Many SMBs do not have
an IT resource and outsource that role.
Sensitive data can be anywhere across
structured, unstructured, and cloud
locations and many companies only
point resources at protecting the cloud,
while giving less attention to endpoints
(Laptops, Desktops, File servers). In fact,
employee machines, servers, and even
printers could store sensitive information.
Covid-19 and the new home working
culture has only increased the risks as
employees work remotely. Some data
privacy management software is designed
to find, classify, and protect sensitive
information only in certain kinds of
locations. However, just like any defence,
your data security plan is only as strong
as its weakest link.
SEARCH EVERYWHERE.
FIND EVERYTHING
GeoLang's Data Discovery tool allows
organisations to discover sensitive data
and reduce privacy risks whilst preparing
for the future - quickly and easily. With
GeoLang, you can discover and classify
SaaS, cloud, on-premises and endpoint
sensitive data throughout your business.
The Data Discovery solution offers automated
data location support for Cloud
and On-Prem set-ups of:
Atlassian Confluence, Jira and Bitbucket
Microsoft Office 365
Google Workspace
Hyland Alfresco
Endpoints (Windows, Mac and Linux)
In addition to finding your sensitive data,
GeoLang Data Discovery can reduce
potential exposure from data breaches by
proactively prompting data owners to
remove or remediate sensitive data from
nonessential locations. Since you don't
know what you don't know you need the
ability to trust a tool that looks
everywhere.
Keep in mind your organisation's ongoing
need for additional computers, new
software and a growing cloud footprint.
Companies scanning and remediating
terabytes of data today will need to plan
for petabytes of data tomorrow. Where
is the sensitive data that could threaten
your organisation, employees, compliance
with privacy regulations and customer
reputation? You can Schedule a demo of
GeoLang Data Discovery to find out.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
23

ansomware
RANSOMWARE ON THE RAMPAGE
WITH 24% OF BUSINESSES IDENTIFIED IN RECENT RESEARCH AS HAVING BEEN VICTIMS TO AN ATTACK,
THE OMENS FOR THE YEAR AHEAD LOOK WORRYING. HOW CAN THEY START FIGHTING BACK?
Nearly a quarter of businesses have
suffered a ransomware attack,
with a fifth occurring in the past 12
months, according to an annual report
from cybersecurity specialist Hornetsecurity.
The company's 2022 Ransomware Report,
which surveyed more than 2,000 IT leaders,
discloses that 24% have been victims of
a ransomware attack, with one in five
(20%) attacks happening in the last year.
Cyberattacks are certainly happening
on a very wide scale with ever-increasing
frequency. Last year's ransomware survey by
Hornetsecurity revealed one in five (21%)
companies experienced an attack; this year,
it rose by 3% to 24%.
"Attacks on businesses are increasing,
and there is a shocking lack of awareness
and preparation by IT pros," states
Hornetsecurity CEO Daniel Hofmann.
"Our survey shows that many in the IT
community have a false sense of security.
As bad actors develop new techniques,
companies like ours have to do what it
takes to come out ahead and protect
businesses around the world."
The 2022 Ransomware Report highlights
a lack of knowledge on the security available
to businesses. For example, a quarter (25%)
of IT professionals either don't know or
don't think that Microsoft 365 data can be
impacted by a ransomware attack. Just as
worryingly, 40% of IT professionals that use
Microsoft 365 in their organisation admitted
they do not have a recovery plan, should their
Microsoft 365 data be compromised by a
ransomware attack.
"Microsoft 365 is vulnerable to phishing
attacks and ransomware attacks, but, with
the help of third-party tools, IT admins can
back up their Microsoft 365 data securely and
protect themselves from such attacks," adds
Hofmann. Industry responses showed the
widespread lack of preparedness from IT
professionals and businesses. There has been
an increase in businesses not having a disaster
recovery plan in place, if they do succumb to
the heightened threat of a cyberattack.
In 2021, 16% of respondents reported
having no disaster recovery plan in place. In
2022, this grew to 19%, despite the rise in
attacks. The survey also showed that more
than one in five businesses (21%) that were
attacked either paid up or lost data. Hackers
have an incentive to run these ransomware
attacks, because there's a decent chance that
they'll get a payday - 7% of IT professionals
whose organisations were attacked paid the
ransom, while 14% admitted that they lost
data to an attack.
Hofmann concludes: "Interestingly, 97% of
pros are moderately to extremely confident in
their primary protection method, even if they
don't use many of the most effective security
measures available, such as immutable
storage and air-gapped off-site storage. This
tells us that more education is needed in the
field and we're committed to this cause." You
can read more at this link: hornetsecurity's
ransomware attacks survey.
FAST AND COST-EFFECTIVE RECOVERY
Data backup alone is not enough to protect
you, cautions Florian Malecki, executive vice
president marketing, Arcserve. "Companies
should also plan to recover data quickly and
cost effectively, following a ransomware
attack. With a well-thought-out recovery
plan in place, you may be able to restore
the exact version of a file or folder following
a data loss properly and quickly."
24
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

ansomware
Immutable storage should be a vital
component of your backup and recovery
plan to allow you to safeguard your data,
even if a ransomware attack victimises
you, he states. "An immutable solution
continually protects your data by taking
snapshots every 90 seconds. These
snapshots make it possible for you to go
back to specific points in time before an
attack and recover entire file systems in
a matter of minutes. As a result, even if
an attack is successful, your information
will be quickly and easily recoverable to
a very recent point in time."
Because your backup data is immutableyour
data can't be altered in any way by
ransomware - there will always be a series
of recovery points, ensuring your data
remains protected, argues Malecki. "This
immutability can also bridge the security
and the operational infrastructure teams,
which have traditionally been siloed. That
means these two groups can speak the
same language and work together in the
face of ransomware threats.
"If the worst happens and you fall victim to
an attack, being in control of your recovery
would be highly comforting to everyone
involved in your organisation. Your data
protection system should be able to deliver
orchestrated recovery with a single click. In
a ransomware attack, you should be able to
recover confidently by safely spinning up
copies of physical and virtual systems onsite
and offsite in minutes-not hours or days.
"An ideal data protection system will also
use analytics to identify frequently used data
that a business should always back up and
less vital data that doesn't have to be. This
system gives organisations an intelligent,
tiered data architecture that provides rapid
access to mission-critical information."
DAMAGING IMPACT
Ransomware attacks are at an all-time high,
with 2021 receiving the largest ransomware
payout by an insurance company ($40
million, according to Matthew Woodward),
and have witnessed a 94% increase from
2021 to 2022 on US healthcare organisations,
states Kyle Mitchell, commercial sales
director for Whitaker Brothers. "Damage from
ransomware can be costly for businesses,
as recovering data can be time-consuming,
often costing businesses money to resolve."
To avoid any possible ransomware attack,
he offers practical tips on preventing malware
from reaching your organisation's devices.
Analyse suspicious emails for any
unorthodox attachments - ransomware
can find its way onto your device through
suspicious emails and email attachments.
"These can often be found through emails
that contain strange requests for information,
scaremongering tactics and uncharacteristic
requests from known associates. Ensure that
you read a suspicious email carefully, paying
close attention to the sender. If you are
unsure if the email is trustworthy, avoid
opening any attachments," says Mitchell.
Create regular backups of your files -
"Regular backups for your organisation are
ideal to bounce back from a ransomware
attack and should be created offline, so that
digital attackers cannot target your data."
Keep systems up to date - "Making sure that
systems are up to date is an effective way to
close all essential security gaps that digital
attackers often try to exploit."
Apply an Intrusion Detection Systems (IDS) -
this compares network traffic logs to
signatures that identify known malicious
behaviour online.
Actively inspect content - you can reduce
the likelihood of ransomware attacks actually
reaching your devices by actively inspecting
the content. "This means filtering your files
to only allow file types you want to receive,
blocking websites that are known to be
malicious, and using signatures to block
known malicious code," he adds.
Train your team - an effective security
awareness training programme within your
organisation can be crucial in stopping
ransomware attacks.
NATIONAL INFRASTRUCTURE TARGETED
Meanwhile, two-thirds (65%) of Critical
National Infrastructure (CNI) has fallen victim
to a cyberattack over the past 12 months -
statistics unveiled in new research from global
cybersecurity company Forcepoint. The report
examines the pressure CNI cybersecurity
professionals face, as they balance the rapid
pursuit of digital transformation with the
cyber threat landscape.
"Ransomware is perceived by cybersecurity
professionals to present the greatest risk to
CNI organisations," says Forcepoint. "This
is unsurprising, given 57% report that their
organisation fell victim to a ransomware
attack in the last year, of whom 72%
admitted to paying the ransom."
When asked what aspects of the current
cybersecurity threat landscape cause CNI
cybersecurity professionals to worry the most,
the challenge of managing more complex
security solutions was superseded only by
concerns that the Russia-Ukraine war could
be increasing the risk of cyberattacks.
And Forcepoint further states: "The rapid
digital transformation of both IT and OT
[operational technology] environments is
compounding the challenge that CNI
cybersecurity professionals are facing. When
asked about its impact on their organisation,
the most cited concern was the need to
secure new technologies, because they were
new to the organisation, as well as being
difficult to secure properly."
CNI cybersecurity professionals also believe
a cyberattack on CNI could lead to disruptive
behaviour amongst the general public, which
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
25

ansomware
Dan Turner, Forcepoint: cybersecurity
professionals in CNI work in a climate
of high risk and diverse threats.
Daniel Hofmann, Hornetsecurity: attacks
on businesses are increasing, yet there's a
shocking lack of awareness and preparation
by IT pros.
increases the difficulty of mitigating or
controlling the impact of an attack. In the US,
the greatest concern was of a power outage,
whereas cybersecurity professionals in the
UK predict that disruption to personal
banking would have the greatest impact."
The threat of disruption is also amplified
by what cybersecurity professionals believe
motivates cyberattacks on CNI. The greatest
threats were perceived to be from cyber
gangs demonstrating their capabilities, acts
of political retaliation, acts of hacktivism and
acts of cyber warfare.
"Unfortunately, the research has also found
many CNI cybersecurity professionals are
feeling the pressure of this high-pressure,
high-complexity environment. Feelings of
stress, anxiety and burnout are affecting over
one-third of all CNI cybersecurity professionals
[35%, 39% and 36% respectively]. "This is
impacting their professional experience,
with two-fifths of cybersecurity professionals
reporting that the pressure to secure CNI
has led them to have a low morale at work
(40%), rising to 51% of UK employees.
Worryingly, it is also affecting their personal
well-being."
Adds Dan Turner, vice president at
Forcepoint: ""Understanding the challenges
our cybersecurity professionals in CNI are
facing helps us find better solutions to
alleviate the burden on them. They work in
a climate of high risk, diverse threats when
rapid adoption of new technologies changes
security parameters all the time. Knowing
what motivates and worries our industry is
key - it helps us help them in their efforts to
ensure no new threat or technology puts
our essential services at risk of disruption,
so which, in turn, allows us to secure a safer
and more sustainable future for everyone."
BIGGEST CHALLENGES TO OVERCOME
"Securing an expanding digital footprint
is one of the biggest challenges facing
companies," points out Sam Curry, chief
security officer, Cybereason. "With ransomware
attacks surging, the clock starts to
immediately tick after ransomware has
executed. And when the ransom itself is
received, that is a time of high adrenaline,
confusion and panic for most. This is actually
by design on the part of the attackers.
They attack, often, at night, on holidays
and weekends to maximise pressure, and,
therefore, the chance of poor decisionmaking
and capitulation. According to a
recent Cybereason study on ransomware
attacks, more than 60% of organisations
lack preparedness on holiday and weekends,
and it limits their ability not only to assess
the risk, but stop it as well. Hackers know
this and they attack accordingly.
"Companies can't pay their way out of
ransomware and many decide they won't
pay," adds Curry. "Hopefully, they are backing
up data, but how quickly can the data be
operational? If a company isn't backing up
their data and still won't pay, that decision
comes with weathering the pain of rebuilding.
And what other trade-offs come into
play? Can services continue? Is public safety
or human life at risk? What is the cost of
rebuilding? How long will it take to rebuild
etc? There is the arithmetic of recovery, the
risk equation, the truly compelling questions
like not putting human life at risk and then
there is also the ethical question of funding
criminal activity."
TICKING TIMEBOMB
Given the massive strides that the security
industry has been making in developing
sophisticated network protection technology,
this raises a vital question according to Mark
Oakton, CEO/Consulting CISO, Infosec
Partners: "Why is ransomware still able
to keep CISOs awake at night and send
shockwaves through the corporate world's
boardrooms?" There are many reasons, he
believes, including a reliance on outdated
technology, combined with poor staff
awareness and training - but ultimately the
answer lies in human nature. "Ransomware
attacks are typically the result of a simple
26
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

Secure your
modern
workplace
with awardwinning
solutions
Do your employees
love their work technology
and does your organisation
trust that every device is safe?
Jamf is here to help your organisation by:
• Empowering all users to safely stay connected to resources
• Protecting company data from the evolving threat landscape
• Ensuring privacy and compliance without compromising
on end‐user experience
www.jamf.com
Find out more
and request
your trial

ansomware
Steve Forbes, Nominet: paying a ransom
could make your business a bigger target
in the future.
Sam Curry, Cybereason: with ransomware
attacks surging, the clock starts to
immediately tick after ransomware has
executed.
lapse in judgement or concentration by
a user who fails to spot a fake email, but
also whether to pay or not is a decision only
management can make. In the latter case,
most people's natural reaction is likely to be
to try to tough it out and pray that the IT
team can get things back up and running.
Unfortunately, the hackers have thought
of that and typically built in the ticking
timebomb factor, increasing pressure to
cave in and pay up while there is still time
for damage limitation," he says.
In such situations, the management team
finds itself between the proverbial rock and
the hard place. "Stand firm and risk not just
losing their entire OT systems, including
business critical files and corporate data, but
also the indirect costs, such as reputational
damage and any incurred customer liability
costs; or take the hit and move on as quickly
as possible."
In the end, adds Oakton, it all comes down
to a simple cost/benefit decision, which
usually means taking the least-worst financial
impact option and giving in to the hacker's
demands.
"For its victims, ransomware holds some
salutary lessons that need to be heeded, if
they are going to avoid similar attacks in the
future. Top of the list is: don't assume that
you are now immune. Research has shown
that hackers are very likely to be back to
see if you have strengthened your defences.
Next, ensure that you have a robust backup
and recovery plan for all critical systems
and, last but not least, put in place rigorous
network management policies, backed by
a programme of regular user education
to engender a corporate culture of cyber
awareness."
ROBUST BACKUPS
Steve Forbes, government cyber security
expert, Nominet, picks up on the NCSC
advice against paying a ransom, on the basis
that there's no guarantee you'll actually have
access restored, if you pay, and it could make
your business a bigger target in the future.
"But, if a worst-case scenario does happen,"
he says, "and you hold out on paying a
ransom, there are steps you can take to
mitigate any damage and try to recover.
"At a bare minimum, having robust backups
on hand that have been tested and are
resilient to malware is critical to get any
impacted systems back online and
operational in a quick manner. Ideally, this
would be part of an incident response and
crisis management plan that would be
implemented at the first sign of trouble."
Local authorities and national cyber
agencies like the NCSC can also become
a major lifeline in a ransomware situation,
he adds. "They're the experts, and have all
the procedures and actions in place to
deploy when needed. Whether it's sharing
technical advice for what to do or providing
access to information, liaising with
organisations like this can be invaluable.
The quicker a business reaches out for help
when disaster strikes, the better chance
they have to recover and get back on track.
Additionally, transparency with the authorities
and any person or organisation that
may be impacted by the incident is crucial.
This can help to minimise reputational
damage and reduce any fines that are
imposed by regulatory bodies."
Double extortion ransomware is another
increasing trend for businesses to be wary
of, where threat actors encrypt and hold
hostage valuable data, putting additional
pressure on them to pay up. "This is where,
on top of having trusted backups, it is vital
to have strong data encryption before it has
a chance to be stolen, ensuring that, if an
attacker is threatening to expose the data, it
is at least protected," Forbes concludes.
"Finally, organisations should ensure that only
data that is required is retained, as this
reduces the risk and impact, should any data
be compromised."
28
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

Unleash the
security of
ONE
NETWORK
SECURITY
MULTI-FACTOR
AUTHENTICATION
SECURE
CLOUD WI-FI
ENDPOINT
SECURITY
Smart Security, Simply Done.
Web: www.watchguard.com/uk | Email: uksales@watchguard.com | Tel: +44 (0) 203 608 9070

legislation
EU CYBER RESILIENCE ACT UNVEILED
GETTING THE BALANCE RIGHT
MIKE NELSON, VP OF IOT SECURITY AT DIGICERT, EXPLAINS WHAT THE EU CYBER RESILIENCE ACT
MEANS, IN THE FIRST MOVE TO LEGISLATE CYBERSECURITY FOR THE INTERNET OF THINGS
The EU Cyber Resilience Act is the
first EU-wide legislation to emerge
that imposes cybersecurity rules
on manufacturers. It will cover both
hardware and software, and applies
to both manufacturers and developers,
making them responsible for the security
of connected devices. The European
Commission states that the regulation
will tackle two issues: "the low level of
cybersecurity of many of these products
and more importantly the fact that many
manufacturers do not provide updates
to address vulnerabilities".
WHAT WILL THE EU CYBER
RESILIENCE ACT REQUIRE?
The devil will be in the details as the
requirements are developed and
released. We anticipate that they will use
non-prescriptive approaches similar to
what we see in other regulations, like
'encrypt sensitive data', 'devices must
have the ability to be updated', 'ensure
integrity of software and firmware' etc.
However, to justify a penalty, they need
to have some measurable approaches.
There will likely be a requirement for
regular updates, as that is one of the
pain points that the European
Commission raised. Sending automatic
updates to a large scale of devices will
be difficult without a solution that helps
manufacturers maintain viability and
automate tasks. Additionally, the EU
Commission has stated that there will
need to be more information available
for consumers to make informed
purchasing decisions and to set up their
devices securely.
HOW WILL THE EU CYBER
RESILIENCE ACT AFFECT IOT
MANUFACTURERS?
IoT device manufacturers could face
massive fines and penalties for noncompliance
with the drafted EU Cyber
Resilience Act. This is one of the first
legislations to require a financial penalty
for non-compliance. The EU is clear
that, with this proposed legislation,
the financial burden of devices will rest
with manufacturers and developers.
Furthermore, products that do not meet
"essential" cybersecurity requirements will
not be allowed to go to market. Thus,
30
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

legislation
manufacturers need to start incorporating
security in the design of their
products now, so that devices going
to market in the next few years will be
up to the required security standards.
Market surveillance authorities in each
EU member state will be responsible to
fine non-compliant companies, up to
a limit set within the act, and prohibit
non-compliant devices from going
to market. However, having one set
standard for cybersecurity across the EU
will also make it more streamlined and
clearer for manufacturers on how to
maintain compliance.
HOW WILL THE EU CYBER
RESILIENCE ACT AFFECT
CONSUMERS?
The EU Cyber Resilience Act will give
consumers a better purchasing power
and trust in their devices by requiring
manufacturers to provide information
on device security before purchasing.
The rules will require more knowledge on
how to choose products that are secure
and how to set up devices in a secure
way. Similar to how consumers look at
nutrition labels on food products to
better understand what they are made
of, providing security information on
devices upfront will allow consumers to
make more informed purchase decisions.
As manufacturers will be required to
be more transparent on the cybersecurity
in their devices, consumers will have
increased trust in the connected devices
that do go to market. Furthermore, the
EU Commission anticipates it could even
increase demand for "products with
digital elements", if consumers trust the
product security more.
IOT SHOULD BE SECURE BY DESIGN
Regulators shouldn't have to come in
with heavy fines and consequences to
drive security - but sadly all too often
security is an afterthought in device
development. In a perfect world,
companies would realise the importance
of protecting their assets, customers,
reputation and employees, and do
security the right way, because it's the
right thing to do. Until we get there,
we will have to continue tolerating
regulators coming in with a stick.
Additionally, the ability for national
surveillance authorities to be able to
prohibit or restrict the sale of nonconforming
products will also be a stick
that will drive better security.
WHEN WILL THE CYBER RESILIENCE
ACT BE ENFORCED?
At this point, the EU Cyber Resilience Act
is with the European Parliament and
Council to examine and adopt. Once
enacted, Member States will have up to
two years to adopt the requirements.
Thus, manufacturers should be prepared
to comply with the act any time in the
next few years.
However, the trend of increasing
regulation on connected devices will
continue. The EU Cyber Resilience Act
is just the first step; we anticipate that
this regulation will become a guideline
for other regulators to develop similar
standards. In the future, there will be
more regulation on the IoT and its
design, not less. Thus, it's important
for manufacturers to implement
cybersecurity by design now, so
they are prepared for the
future of IoT regulation.
In addition to more IoT
regulation, we are seeing
industries come together
to solve for device
security. For instance,
the Matter protocol
recently launched for
smart home device
interoperability, security
and reliability may
serve as an industrydriven
roadmap for
better IoT device security. Though the
full details of the proposed EU legislation
are yet to come out, it is likely that
manufacturers complying with Matter
security, using device attestation
certificates and product attestation
intermediates, would meet the
requirements of the EU lawmakers.
Furthermore, they will have the
opportunity to signal security to
consumers, given that Matter-compliant
devices will carry the Matter seal of
approval.
Mike Nelson, VP of IoT
Security at DigiCert
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
31

packet data
BUILDING A CAPTIVE AUDIENCE
PACKET CAPTURE IS BECOMING INCREASINGLY IMPORTANT,
AS MARK EVANS, VP OF MARKETING, ENDACE, EXPLAINS
Mark Evans, VP of marketing, Endace.
There's an adage amongst experienced
SecOps and NetOps analysts - 'PCAP
or it didn't happen' - highlighting
why network packet capture data (the file
extension .PCAP is a common file format)
is so crucial. Packets provide the only truly
definitive evidence of performance and
security issues that happen on a network.
If you can't see the packets, you may never
know for certain exactly what happened.
Recent widespread security vulnerabilities
- such as Solarflare and Log4J 2 - have
illustrated just why access to packet data
on-demand is so important, igniting
demand for full packet capture solutions
to fill the visibility hole.
Governments are also becoming aware
of the importance of packet capture.
The US White House has mandated,
by February 2023, all Federal agencies
must be able to provide access - when
requested by CISA or the FBI - to a
minimum of 72 hours of full packet
capture data for investigating
cybersecurity events.
However, there's still confusion and
misinformation about why packet data is
important and what the term 'packet capture'
means. Some organisations believe they can
do packet capture by relying on network
flow data and endpoint monitoring. Others
only record a handful of packets relating
to specific events or use 'triggered' packet
capture, because they believe it saves on
storage costs.
This article seeks to clarify the confusion
around packet capture, so organisations
can make informed decisions.
WHY IS PACKET DATA IMPORTANT?
Packet payloads are often the only way
to identify specifics: did a phishing attack
compromise credentials? What data was
stolen or modified in a breach? Or what
malware was dropped on compromised
hosts?
While log files and flow data can indicate
an issue has occurred, oftentimes they can't
show the exact root cause of that problem.
They don't provide crucial detail, such as the
32
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

packet data
actual 'payload' of data an attacker may
have staged and exfiltrated. This leaves
SecOps and NetOps teams blind to exactly
what's happening on their network.
With access to packet data, analysts can
resolve problems faster and be certain
about their conclusions. Packet data can
also reduce analyst alert fatigue by providing
the evidence necessary to tune detection
systems to reduce false positive alerts and
increase accuracy. It also enables analysts to
prioritise, investigate and respond to events
far more efficiently.
THREE TYPES OF PACKET CAPTURE
There are three types of packet capture used
for security and network performance.
The first, originally called 'packet sniffing',
involves connecting a device to the network
when a specific problem occurs so engineers
can record ('sniff') small amounts of packet
data to troubleshoot the problem. It's often
referred to as 'ad-hoc' packet capture.
The second type of packet capture is called
'triggered packet capture' and happens
when packet recording is only enabled in
response to specific events - such as security
alerts. Packet data relating to that event is
then recorded to provide evidence for
analysts for future investigation.
The third and last type of packet recording
is where all packets traversing the network
are recorded and stored for as long as
available storage allows. This is referred to
as 'continuous' packet capture.
PROS AND CONS OF AD-HOC,
TRIGGERED AND CONTINUOUS
PACKET CAPTURE
Each type of packet capture can be useful.
However, for enterprise cybersecurity
purposes, both ad-hoc and triggered packet
capture are problematic.
Ad-hoc packet capture is insufficient for
most security uses, because it relies on
packet recording being implemented and
enabled post-event - by which point
evidence of crucial parts of an attack has
typically already been missed. It's like turning
on a surveillance camera after you've been
burgled. Similarly, triggered packet capture
is problematic because it assumes you can
predict what traffic you might need to
record ahead of time. Who could have
foreseen the Solarflare attack, and how it
would play out ahead of it happening?
Continuous packet capture is the only
reliable way to ensure record all the critical
evidence of cybersecurity events. However,
deploying continuous packet capture
requires careful planning.
STORAGE
Accurately recording traffic continuously
across an entire network requires dedicated
recording infrastructure with significant
capacity - often petabytes- to record days,
weeks, or months of traffic. In the past,
the cost of this infrastructure limited the
widespread adoption of full packet capture
to all but the largest enterprises. Or to
specific industries - such as Banking,
Telecommunications, Government and
Military - where access to recorded packet
data was considered essential regardless
of cost. Thankfully, increased compute
capacity, reduced storage costs, and new
technologies like hardware compression
mean continuous packet capture is now
affordable for most organisations.
How much storage do you need? The
answer is how much 'lookback' time do
you need/want? Typically, you'll want at least
a week, and ideally a month or more. This
gives SecOps and NetOps teams time to
identify what packet data is important for
investigating a specific issue and to archive
evidence if necessary.
RAPID SEARCH AND INTEGRATION
WITH OTHER TOOLS
Recorded packet data needs to be
thoroughly indexed as it is captured - so
analysts can quickly find traffic related
to a particular host and protocol - or
application - for a specific time period.
This lets analysts quickly find what they
need to complete investigations in a single,
uninterrupted workflow, without requiring
lengthy searches.
Ideally, access to packets should be
integrated into the tools analysts use
already - eg, SIEM and SOAR, IDS/IPS
and AI/ML solutions, and performance
monitoring tools, so analysts can drilldown
from alerts to related packets
quickly.
THE NEED FOR FORENSICS SKILLS
For packet data to be useful, analysts need
to understand what it is showing them.
Traditionally, this expertise has been limited
to senior analysts - which are increasingly
scarce resources. This is another reason
why integrating packet forensics into
existing tools is important. With the ability
to go directly from an alert to relevant
packet data, even junior analysts can find
quickly what they need, making them that
more productive and effective.
For those looking to start with packet
forensics, there's a wealth of useful
information available. The Wireshark
community (Wireshark is an open-source
application that is the tool of choice for
analysing packet data) and Youtube are
both fantastic resources. Organisations
like SANS also run many courses covering
network forensics.
A FINAL WORD
Organisations need to ask themselves:
'are we properly equipped to respond
confidently when a serious security breach
happens?' If they lack packet data, they
must accept the risks associated with the
lack of visibility and agility that results.
If there's one thing that today's volatile
cybersecurity landscape has taught us, it's
that realising the gaps after the event is
too late.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
33

data threats
WHY RANSOMWARE IS 'MOVING
TOWARD DATA DESTRUCTION'
SIGNS OF A NEW DATA EXTORTION TECHNIQUE SHOW THREAT ACTORS MAY LEVERAGE EXMATTER
TO DESTROY, RATHER THAN ENCRYPT, DATA, ACCORDING TO A CYDERES THREAT REPORT
Robert Herjavec,
CEO, Cyderes.
Data destruction is rumoured to
be where ransomware is going to
go, but we haven't seen it in the
wild…until now. During a recent incident
response, global managed cyber defence
and response provider Cyderes and
innovative inception platform Stairwell
discovered signs that threat actors are
actively in the process of staging and
developing this capability.
From big game hunting (BGH) to the
growth of ransomware-as-a-service
(RaaS) and data leak sites (DLS), the data
extortion landscape is constantly
evolving and experiencing
new innovations from
threat actors. Could the
data extortion tactics
of tomorrow turn
to outright data
destruction, in lieu of
RaaS deployment?
FAMILIAR TOOL,
NEW TACTIC
Cyderes Special
Operations and
Stairwell Threat
Research teams
discovered a
sample of malware
whose exfiltration
behaviour aligns
closely with previous
reports of Exmatter, a .NET
exfiltration tool. This sample
was observed in conjunction
with the deployment of BlackCat/ALPHV
ransomware, which is allegedly run by
affiliates of numerous ransomware groups,
including BlackMatter. "Exmatter actually
takes the ransomware game to a whole
different level," says Robert Herjavec, CEO
of Cyderes. "In the past, they'd get into
your network, and they'd say, 'if you don't
pay us, we're going to leak some data'.
Now they go in, put an envelope around
your data and, if you don't pay them, they
start destroying it. It's frightening."
Cyderes explains the sequence of events
as follows. Exmatter is designed to take
specific file types from selected directories
and upload them to attacker-controlled
servers before the ransomware itself is
executed on the compromised systems.
In this particular sample, the attacker
attempts to corrupt files within the victim's
environment, rather than encrypting them,
and stages the files for destruction.
First, the malware iterates over the drives
of the victim machine, generating a queue
of files that match a hardcoded list of
designated extensions. Files matching
those file extensions are added to the
queue for exfiltration, which are then
written to a folder with the same name
as the victim machine's hostname on the
actor-controlled server.
As files upload to the actor-controlled
server, the files that have been successfully
copied to the remote server are queued to
be processed by a class named Eraser.
34
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

data threats
A randomly-sized segment starting at the
beginning of the second file is read into a
buffer and then written into the beginning
of the first file, first overwriting it and then
corrupting the file.
The development of capabilities to
corrupt exfiltrated files within the victim
environment marks a shift in data ransom
and extortion tactics. Using legitimate file
data from the victim machine to corrupt
other files may be a technique to avoid
heuristic-based detection for ransomware
and wipers. Additionally, copying file data
from one file to another is a much more
benign functionality than sequentially
overwriting files with random data or
encrypting them.
WHY DESTROY DATA,
RATHER THAN ENCRYPT IT?
With data exfiltration now the norm
among threat actors, developing stable,
secure and fast ransomware to encrypt
files is a redundant and costly endeavour,
compared to corrupting files and using
the exfiltrated copies as the means of
data recovery.
"Today, we detect ransomware attacks
based on certain behaviours that we see -
that might be encrypting files, that might
be deleting volume shadow files, or something
similar," says Mike Wyatt, chief
security officer at Cyderes. "But one
thing we may not be looking for is data
that's actually just being overwritten or
corrupted. By overwriting data, a threat
actor is able to achieve his goals faster.
Unfortunately, it damages the files, rather
than giving the victim the opportunity to
pay for a decryption key."
Another possible reason for this new
tactic, which involves overwriting one
legitimate file with another, is because
EDR and other behavioural detections
are getting better, explains Daniel Mayer,
threat researcher at Stairwell, a company
that helps organisations with security
solutions and strategic partner to Cyderes.
"Opening every file on a computer and just
writing a bunch of data is suspicious; it
looks like ransomware. There aren't a lot
of executables that look like that. But
opening one file and copying its contents
to another? That's something that legitimately
happens on computers all the time.
It's a muddy indicator."
Affiliates have also lost out on profits
from successful intrusions, due to exploitable
flaws in the ransomware deployed,
as was the case with BlackMatter, the
ransomware associated with previous
appearances of this .NET-based exfiltration
tool. Eliminating the step of encrypting
the data makes the process faster and
eliminates the risk of not getting the full
pay-out or that the victim will find other
ways to decrypt the data.
GET THE INSIDE LOOK
Artifacts within the sample indicate that
the development of Exmatter is ongoing.
Due to the nascent nature of the data
destruction functionality within Exmatter,
the Cyderes Special Operations and
Stairwell Threat Research teams assess
that data extortion actors are likely to
continue experimenting with data
exfiltration and destruction.
For a more in-depth analysis, Cyderes
collaborated with Stairwell, which expands
Cyderes' 360-degree detection capabilities
with its Inception platform. You can read
the full research report here: Exmatter:
Clues to the future of data extortion.
Intelligence in Depth. The potential
business impact of this new threat is
indeed great, adds Cyderes, and reinforces
organisations' focus on detection, response
and recovery, "the critical defence-in-depth
needed to prevent threat actors from
getting in".
How does Cyderes equip its clients with
the tactics and tools they need to make
sure they have the latest intelligence every
day? "It's an information game," says Shelby
Kaba, director of special operations at
Cyderes. "We have several products that
go out in the form of a Daily Intelligence
Digest for our customers, an annual Stateof-Ransomware
Report, and topical blogs
written by our threat intelligence team and
other thought leaders. Staying informed
goes a long way."
Join the experts. Interested in hearing
more? You can join security executives and
the experts who discovered the threat in
this interactive panel discussion.
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
35

eaches
MAJOR BREACH, HARSH LESSONS
WHAT HARSH LESSONS CAN BE LEARNED FROM THE MAJOR BREACH
SUFFERED BY UBER - AND HOW MIGHT SUCH ATTACKS BE STOPPED?
Following the Uber security breach,
disclosed in September this year, the
cybersecurity sector is still buzzing.
"While it is inevitable questions will be raised,
it's important to reiterate this breach could
not have been avoided by a single
technology solution," points out Rich Turner,
SVP EMEA at CyberArk. "Nor is it one in
which a single person, company or provider
was to blame. Saying that, there is a lot
which can be learned from the breach, with
it having a number of interesting elements
for cybersecurity professionals to delve into."
Turner lays out in detail what is known
about the attack in five stages:
Step 1: The attacker entered Uber's IT
environment by gaining access to the
credentials for its VPN infrastructure.
Step 2: The contractor whose account was
compromised likely did not have privileged
access to key resources or any other special
access permissions, but they did have access
to a network share, just like other Uber
employees. "Either this network share was
reachable or the Access Control List was
configured incorrectly to allow for broad
read access," says Turner. "After, the hacker
discovered a PowerShell script in the network
share, which included privileged credentials
for Uber's Privileged Access Management
(PAM) solution hardcoded into it."
Step 3: By stealing the administrator
credentials that were hard-coded into the
privileged access management solution,
the attacker was able to further escalate
their privileges.
Step 4: According to an Uber update,
the attacker eventually acquired 'elevated
permissions to a number of tools'. Adds
Turner: "Accessing the secrets of a privileged
access management solution carried a high
risk of harm. The SSO, consoles and cloud
management console, which Uber uses
to store private consumer and financial
information, were reportedly all
compromised by the hacker.
Step 5: Uber said the attacker 'downloaded
some internal Slack messages, as well as
accessed or downloaded information from
an internal application our finance team
uses to track some bills' - a matter that the
business reported it was looking into.
PROTECTING EMBEDDED CREDENTIALS
So, asks Turner, "how can a similar attack be
stopped?", offering his recommendations
for protecting embedded credentials.
"Getting rid of any embedded credentials
would be the first step towards preventing
a similar attack. In addition to discontinuing
this practice, we advise conducting an
environment inventory to find and remove
any hard-coded credentials that might be
present in code, PaaS configurations, DevOps
tools and internally developed applications."
However, this is simpler to say than to do,
he concedes. "In order to gradually reduce
risk, focus first on your organisation's most
important and potent credentials and secrets
before spreading these best practices."
Reiterating that neither the tools, nor
the personnel in place at Uber, is to blame
for this breach is important, he also states
that nor is there a magic bullet for stopping
cyberattacks. "No longer is it thought
an attack can be completely prevented.
However, we have some control over how
far they go. Strong, layered cyber security
defences may reduce attacks like the Uber
breach. This should be strengthened by
regular employee training to help them
identify possible sources of danger.
"These features make it more challenging
for attackers to get a foothold, manoeuvre,
find and accomplish their goals," adds Turner.
"They also enable us to minimise the effectiveness
and impact of attacks, and to resume
regular activities as soon as feasible. This is
the important knowledge we should absorb
and use in our own organisations."
36
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

www.adisa.global

GDPR
REGULATORS MEAN BUSINESS!
THE SECOND LARGEST EVER FINE FOR A BREACH OF THE EUROPEAN UNION'S GENERAL DATA PROTECTION
REGULATION WAS SLAPPED ON INSTAGRAM RECENTLY - €405 MILLION. WILL THIS FORCE ORGANISATIONS
TO ADOPT STRICTER DATA MANAGEMENT AND PROTECTION MEASURES GOING FORWARD?
When Irish regulators recently fined
Instagram 405 million euros for
violating children's privacy, under
the GDPR regulations, it signalled yet
another step in the move towards holding
all organisations to account, wherever
violations were identified. The long-running
complaint, in this instance, concerned
children's data, particularly their phone
numbers and email addresses. Some are
said to have upgraded to business accounts
to access analytics tools, such as profile
visits, without realising this made more of
their data public. Instagram owner Meta
(formerly Facebook) has said it planned to
appeal against the decision. It is the third
fine handed to the company by the
regulator.
As for the biggest GDPR-related fine to
date, this was meted out to Amazon:
a massive €746 million, announced in the
company's July 2021 earnings report, which
was almost 15 times greater than the
previous record at that time. The fine was
imposed by Luxembourg's National
Commission for Data Protection, which
claimed the tech giant's processing of
personal data did not comply with EU law.
Amazon has lodged an appeal against the
fine, only referring so far to a previous
statement in July that "there has been no
data breach, and no customer data has
been exposed to any third party".
STRICT MEASURES ESSENTIAL
According to Dan Middleton, vice president
UK & Ireland at security company Veeam,
the news that Ireland's Data Protection
Commission has issued the second largest
GDPR fine in history drives home the critical
importance of adopting strict data management
and protection measures. "While it is
by no means unique in this situation, the
photo-sharing platform involved has
changed its approach to data protection
since the issues that led to the fine took
place. However, this case demonstrates that
past data management decisions have
implications not just for the time at which
they are made, but into the future. Decision
makers need to be aware of any consequential
issues that can arise when it comes
to protecting and managing users' data.
"Businesses must place data integrity,
security and resilience at the heart of their
operations to severely reduce, if not avert,
the risk of their own and their end users'
data being exposed to unwelcome
consequences," adds Middleton. "Not only
will this prevent hefty fines, such as those
issued by the DPC, but it will ensure that
38
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

GDPR
their reputation doesn't suffer as a result of
a management error or data protection
oversight.
"When companies are entrusted with their
customers' sensitive data, there are no
measures that go too far. They must be
aware that they are custodians of any data
they collect, process and use, and it is
therefore their responsibility to ensure that
this data is protected. This needs to go
beyond a simple box-ticking exercise to
ensure GDPR compliance, and instead
a business-wide culture of transparency
and responsibility must be adopted. When
it comes to data protection, this should
include a full business continuity strategy
that includes resilience measures, along with
secure, immutable backups and disaster
recovery solutions that can be drawn upon,
if data is maliciously accessed."
WHATSAPP ALSO HIT HARD
Last year, the DPC fined WhatsApp 225
million euros, at that time the largest fine
ever from the commission and the second
highest under EU GDPR rules. Facebook
(now Meta), which also owns WhatsApp,
has its EU headquarters in Ireland. The fine
relates to an investigation that began in
2018 about whether WhatsApp had been
transparent enough about how it handles
information. The issues involved were highly
technical, including whether WhatsApp
supplied enough information to users about
how their data was processed and if its
privacy policies were clear enough. Those
policies have since been updated several
times.
"WhatsApp is committed to providing a
secure and private service," a company
spokesperson said at the time, as reported
by the BBC: "We have worked to ensure the
information we provide is transparent and
comprehensive and will continue to do
so. We disagree with the decision today
regarding the transparency we provided to
people in 2018 and the penalties are entirely
disproportionate." GDPR rules allows
for fines of up to 4% of the offending
company's global turnover.
Clearly, the GDPR is proving effective, with
the large fines administered so far to some
big-name companies proving a reminder
and deterrent to others when it comes to
responsible management of data. All of
which underscores the seriousness of
purpose with which the regulations were
planned. More than four years down the
line since the regulations came into force,
it's worth looking back at how they were
structured and the European Commission's
take on how effective they have proved
since.
First off, the European Commission accepts
that most of the issues that are identified by
Member States and stakeholders will most
likely benefit from more experience in the
application of the Regulation in the coming
years. "Increasing global convergence
around principles that are shared by the
GDPR offers new opportunities to facilitate
safe data flows, to the benefit of citizens
and businesses alike," it states.
IMPROVEMENTS WITH GDPR
Businesses, including SMEs, now have just
one set of rules to which to adhere. "The
GDPR also creates a level playing field
with companies not established in the EU
but operating here. By establishing a
harmonised framework for the protection
of personal data, the GDPR ensures that all
businesses in the internal market are bound
by the same rules and benefit from the
same opportunities, regardless of whether
they are established and where the processing
takes place. In addition, privacy has
become a competitive quality that
customers are increasingly taking into
consideration when choosing their services.
For SMEs, the implementation of the right
to data portability has the potential to lower
the barriers to entry to data protection
friendly services. Compliance with the data
protection rules and their transparent
application will create trust between
business and consumers when it comes
to the use of their personal data."
NEW TECHNOLOGIES
The GDPR is seen as an essential and
flexible tool to ensure the development
of new technologies, in accordance with
fundamental rights. "The implementation
of the core principles of the GDPR is
particularly crucial for data intensive
processing. The risk-based and technologyneutral
approach of the Regulation
provides a level of data protection, which
is adequate to the risk of the processing
also by emerging technologies."
The GDPR's technologically-neutral and
future-proof approach was put to the test
during the COVID-19 pandemic and has
proven to be successful. Its principles-based
rules supported the development of tools
to combat and monitor the spread of the
virus. The future-proof and risk-based
approach of the GDPR is also being applied
in the EU framework for Artificial
Intelligence and in the implementation
of the European Data Strategy, aimed at
fostering data availability and at the
creation of Common European Data
Spaces.
GLOBAL PROTECTION STANDARDS
The GDPR has emerged as a reference point
and acted as a catalyst for many countries
and states around the world considering
how to modernise their privacy rules.
International instruments, such as the
modernised 'Convention 108' of the Council
of Europe or the 'Data Free Flow with Trust'
initiative launched by Japan are also based
on principles that are shared by the GDPR.
This trend towards global convergence
brings new opportunities for increasing the
protection of Europeans, while, at the same
time, facilitating data flows and lowering
transaction costs for business operators.
The GDPR offers a modernised toolbox to
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security
39

GDPR
Dan Middleton, Veeam: Businesses must
place data integrity, security and
resilience at the heart of their operations.
facilitate the transfer of personal data from
the EU to a third country or international
organisation, while ensuring that the data
continues to benefit from a high level of
protection. "This continuity of protection
is important, given that in today's world
data moves easily across borders and the
protections guaranteed by the GDPR would
be incomplete, if they were limited to
processing inside the EU. The toolbox
includes actively engaging with key partners
with a view to reaching an adequacy
finding and yielded important results such
as the creation between the EU and Japan
of the world's largest area of free and safe
data flows. Ongoing work also concerns
other transfer mechanisms, such as
standard contractual clauses and
certification, to harness the full potential of
the GDPR rules on international transfers."
What is all too clear from the sizeable fines
that were imposed on Instagram and others
is that data protection authorities are
making use of a wide range of corrective
powers provided by the GDPR, such as
administrative fines, warnings and
reprimands, orders to comply with data
subject's requests, orders to bring processing
operations into compliance with the
Regulation, to rectify, erase or restrict
processing. Nor is it all about fines as a
means to keep businesses in line. As the
EC states: "The GDPR also provides for a
broader palette of corrective powers. For
example, the effect of a ban on processing
or the suspension of data flows can be
much stronger than a financial penalty."
CHANNEL 4 - TOTAL VISIBILITY
One organisation intent on ensuring it
meets its GDPR obligations is Channel 4,
which is said to be saving its security
department thousands each year after
partnering with Invicti Security to gain
complete visibility into its web assets.
As part of protecting the information it
collects, in line with regulations such as
GDPR, Channel 4 - which operates the UK's
biggest free streaming service, All 4, plus a
network of 12 television channels - needs
to secure vast amounts of information,
including the data of 24 million All 4
subscribers, as well as staff details, and all
of its intellectual property and be able to
demonstrate that this data is safe and
secure.
As a large organisation with thousands
of web assets, security was previously a
complex and expensive task, involving
numerous penetration tests with multiple
third parties, costing significant sums to the
business. "We would perform a penetration
test and after getting the results, we'd have
to fix the issue and then pay for another
penetration test," says Channel 4 CISO Brian
Brackenborough. "That could be quite a
cycle depending on how complicated the
particular project was."
Channel 4 now uses Invicti to gain visibility
into whether websites are collecting
personally identifiable information (PII). It
can then perform vulnerability scans and
penetration tests on those websites. The
efficiency gains and cost savings are clear:
partnering with Invicti saved Channel 4
thousands in the first year alone. "The
budget, which we were spending every
year on penetration testing, decreased
approximately 60%. The following year,
it decreased close to 80%," he adds.
Using Invicti, Channel 4 can start
performing automated and continuous
penetration tests or vulnerability scans
against systems at certain milestones of
a project to make sure it stays on track. It
allows Channel 4 to catch any issues early
on in the process, prioritising vulnerabilities
that put the organisation at risk, so it can
fix them with less manual effort.
"That makes our lives a lot easier and allows
us to ensure we are delivering projects on
budget and on time," says Brackenborough.
40
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk

ALL-INCLUSIVE
SECURITY
SPAM FILTER &
ADVANCED EMAIL SECURITY
SIGNATURE & DISCLAIMER
TOTAL PROTECTION
ENTERPRISE BACKUP
EMAIL ARCHIVING,
ENCRYPTION & CONTINUITY
BACKUP & RECOVERY
FROM EMAIL SECURITY
TO BACKUP & RECOVERY
ALL IN ONE SOLUTION!
START YOUR FREE
30-DAY-TRIAL
WWW.HORNETSECURITY.COM

Strengthen your data resilience with
Immutable Backup from Arcserve
Buy an Arcserve Appliance secured by Sophos,
and get OneXafe immutable storage!
Arm your business with a multi-layer protection approach to strengthen your overall data resilience. Arcserve
brings you data backup, recovery, and immutable storage solutions with integrated cybersecurity to defeat
ransomware and provide the best-in-class data management and data protection solution in the market.
Arcserve UDP Data
Protection Software
Unified data and ransomware
protection to neutralize
ransomware attacks,
restore data, and perform
orchestrated recovery.
Arcserve Appliances
All-in-one enterprise backup,
cybersecurity, and disaster
recovery, with multipetabyte
scalability.
StorageCraft OneXafe
Immutable Storage
Scale-out object-based NAS
storage with immutable
snapshots to safeguard data.
Get multi-layer protection!
SCAN HERE